cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-4639,https://securityvulnerability.io/vulnerability/CVE-2023-4639,Unauthorized Data Access via Incorrect Cookie Parsing,"A flaw exists in the Undertow server, which improperly handles the parsing of cookies that contain specific value-delimiting characters in requests. This vulnerability enables potential attackers to craft malicious cookie values, enabling the exfiltration of HttpOnly cookie values or the spoofing of additional cookie values. Consequently, this can lead to unauthorized access to sensitive data and alterations, posing significant risks to the integrity and confidentiality of the affected applications.",Red Hat,"Migration Toolkit For Runtimes 1 On Rhel 8,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Migration Toolkit For Applications 6,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Apicurio Registry,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-17T11:15:00.000Z,0
CVE-2023-1973,https://securityvulnerability.io/vulnerability/CVE-2023-1973,Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism,"A vulnerability exists in the Undertow package, specifically within the FormAuthenticationMechanism. A malicious user can exploit this flaw by sending specially crafted requests to the server. This action could lead to a Denial of Service condition, causing the server to encounter an OutOfMemory error and exhausting its available memory resources. This vulnerability poses significant risks to application stability and overall service availability.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9",7.5,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2024-11-07T10:01:57.995Z,0
CVE-2024-8883,https://securityvulnerability.io/vulnerability/CVE-2024-8883,"Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information","A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 24,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers",6.1,MEDIUM,0.0024399999529123306,false,,false,false,false,,,false,false,,2024-09-19T15:48:28.468Z,0
CVE-2024-8698,https://securityvulnerability.io/vulnerability/CVE-2024-8698,Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks,"CVE-2024-8698 is a privilege escalation and impersonation vulnerability located in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The vulnerability allows attackers to create crafted responses that can bypass validation, potentially leading to privilege escalation or impersonation attacks. The impact of the exploitation can have a high impact on confidentiality, with lower impacts on integrity and availability. The vulnerability is addressed in Keycloak version 25.0.6 and organizations using Keycloak are strongly recommended to install updates as soon as possible. It is also recommended to implement updates from other vendors who rely on Keycloak for identity and access management. Upgrading to the newest version may provide safety from future exploitation, but it does not remediate historic compromise. At the time of reporting, no active exploitation of this vulnerability by ransomware groups was reported.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 24,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers",7.7,HIGH,0.0007099999929778278,false,,true,false,true,2024-09-25T18:56:46.000Z,true,false,false,,2024-09-19T15:48:18.464Z,0
CVE-2024-7885,https://securityvulnerability.io/vulnerability/CVE-2024-7885,Undertow ProxyProtocolReadListener Vulnerability,"A notable vulnerability exists in the Undertow HTTP server related to the handling of multiple requests over the same HTTP connection. The issue stemmed from the misuse of a shared StringBuilder instance within the ProxyProtocolReadListener, specifically during the process of handling requests in the parseProxyProtocolV1 method. This flaw can lead to information leakage, where sensitive data from a preceding request may be inadvertently included in a subsequent response. The consequence is not only potential data exposure but also issues with connection stability, as errors may arise during processing, affecting overall application performance in environments that handle multiple requests concurrently.",Red Hat,"Red Hat Build Of Apache Camel 3.20.7 For Spring Boot,Red Hat Build Of Apache Camel 4.4.2 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2024-08-21T14:13:36.579Z,0
CVE-2024-1102,https://securityvulnerability.io/vulnerability/CVE-2024-1102,Database Logging Vulnerability Exposes User Credentials,A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.,Red Hat,"Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Single Sign-on 7",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-25T17:15:00.000Z,0
CVE-2023-6236,https://securityvulnerability.io/vulnerability/CVE-2023-6236,Flaw in JBoss EAP OIDC Implementation Allows Access to Multiple Tenants Without Logout,"A significant vulnerability exists in Red Hat Enterprise Application Platform 8, impacting applications utilizing OpenID Connect (OIDC) for multi-tenancy. The flaw arises within the OidcSessionTokenStore, where the logic for determining the usage of cached authentication tokens fails to account for the 'provider-url' option associated with different tenants. When a user attempts to switch to a second tenant, the system incorrectly allows the use of the previously cached token instead of requiring a new login, undermining the security of tenant-specific configurations. This oversight necessitates immediate attention for organizations leveraging this platform to ensure proper authentication protocols.",Red Hat,"Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack",7.3,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-10T01:04:53.970Z,0
CVE-2024-1233,https://securityvulnerability.io/vulnerability/CVE-2024-1233,JwtValidator ResolvePublicKey Vulnerability Could Lead to SSRF,"A vulnerability exists in the JwtValidator.resolvePublicKey method of JBoss EAP, which permits an attacker to execute a server-side request forgery (SSRF) attack. This issue arises because the validator inadequately filters or whitelists destination URL addresses during HTTP requests when processing JSON Web Token (JWT) public key URLs. As a result, malicious actors may exploit this flaw to make unauthorized HTTP requests from the vulnerable server, compromising internal resources and exposing sensitive data.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Jboss Enterprise Application Platform Expansion Pack",7.3,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-04-09T07:01:47.673Z,0
CVE-2024-1459,https://securityvulnerability.io/vulnerability/CVE-2024-1459,Potential Path Traversal Vulnerability in Undertow Could Allow Access to Privileged Files,"A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",5.3,MEDIUM,0.0014700000174343586,false,,false,false,false,,,false,false,,2024-02-12T20:30:03.768Z,0